Fraud Alert – How Retailers and Restaurants Continue to Struggle with Retail Theft and Fraud

Retail Theft and Fraud

If you look at the headlines, all you will see are news reports of the rise of smash and grabs or reports of organized retail crime in major cities. Without question these areas of retail theft and fraud are growing at alarming rates, but these sensational acts are just a small part of a huge problem retailers face every day.

Worldwide, retail losses due to employee and consumer theft have risen to $212.9b in 2022. And the reasons are growing from outright theft inside of the physical store to fraud/theft in Click and Collect orders to online hacks. Some of the newer techniques include showing up with fake IDs for orders or even taking lunch/dinner orders placed on a central counter for takeout.

More often than not, the solutions include a combination of better training, more equipped employees focus on theft, and more IT solutions.

According to recent IHL Research, retailers spend an average 13% of their IT budget on security. The challenge for many, however, is that 15%-40% of that security budget is earmarked for payment security and PCI compliance activities. This is a major problem for retailers because with so much of the budget going to cover just the payment cards, less is available for the other areas.

At the same times stores are exponentially increasing technology beyond POS to include other IoT devices such as digital signage, communications systems, kiosks, cameras, electronic shelf labels, digital lighting and cooling systems, and enabling mobile devices of employees, partners, and customers in their stores. The CISO’s is being consistent in the process and procedures for each new device that connects but still being responsive to the demands of the business units. Each provides a different attack surface so CIOs must be consistent in approach but diverse in the manner each is secured. Further, more and more often Marketing and Operations are driving IT purchases from their own budgets faster than IT can keep up, opening up possible security holes with potentially disastrous consequences as the number of attack surfaces exponentially increase.

Some of the newer mitigation techniques mix a combination of digital and physical solutions. There are technologies that deploy AI to study scanning patterns at the lane and self-checkout to immediately flag transaction and alert associates to challenge consumers. These help when customers try to scan the barcode for one item and place the other in the bag or go through the scanning motion but cover the barcode. Another technology includes locking all 4 wheels of the shopping cart when unscanned items are detected.

Others are more focused specifically on protecting the networks from overall data breaches. And that focus on security pays. IHL research has shown that those retailers willing to pay a 10% higher premium for security are up to 10.5x higher sales growth than competitors. While the rest of the industry scrambled to deploy new technologies early in the pandemic often at the expense of security, winning retailers did not. Still 1 in 3 retailers admitted to deploying mobile devices that were not as secure as usual and 41% rushed purchases through without the normal due diligence.

The best performing retailers are not only more protective during the pandemic, but they are also more consistent in their security practices across the board, using layers of security whenever possible. This includes technology layers as well as physical security layers with personnel and devices. On the technical side they have adopted a zero-trust approach to data access. On the physical side they are leveraging products and personnel to add deterrence without it appearing as the surveillance state.

Without question, the challenges of retail theft and fraud are greater than ever. The smartest retailers are focusing on layered solutions and discipline in all areas of their operations to optimize protection and performance.